CVE-2016-1000352

NVD

https://nvd.nist.gov/vuln/detail/CVE-2016-1000352

Severity

7.4

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

References

https://nvd.nist.gov/vuln/detail/CVE-2016-1000352
https://github.com/advisories/GHSA-w285-wf9q-5w69
https://www.oracle.com/security-alerts/cpuoct2020.html
https://access.redhat.com/errata/RHSA-2018:2669
https://access.redhat.com/errata/RHSA-2018:2927
https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
https://security.netapp.com/advisory/ntap-20181127-0004/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2016-1000352

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company